Crowdfense launches Vulnerability Research Hub for top security researchers
Crowdfense officially launched the Vulnerability Research Hub out of beta. After being internally developed and fine-tuned for several months, Crowdfense opened their …
bug bounty
Facebook offers bounties for user token bugs in third-party apps, websites
Facebook is expanding its bug bounty program to include vulnerabilities in third-party apps and websites that involve improper exposure of Facebook user access tokens. …
Google offers rewards for techniques that bypass their abuse, fraud, and spam systems
Google is expanding its vulnerability reward program again: the company wants to be notified about techniques that allow third parties to successfully bypass their abuse, …
Hack the Marine Corps bug bounty program kicks off
The U.S. Department of Defense (DoD) and HackerOne launched the Department’s sixth bug bounty program, Hack the Marine Corps. The bug bounty challenge will focus on Marine …
HP plugs critical RCE flaws in InkJet printers
HP has plugged two critical vulnerabilities (CVE-2018-5924, CVE-2018-5925) affecting many of its InkJet printers and is urging users to implement the provided firmware updates …
ZDI offers hefty bounties for zero-days in popular web servers, CMSes
The Trend Micro-backed Zero Day Initiative is asking bug hunters to look for zero-day RCE vulnerabilities in several open source server-side products and is ready to pay up to …
Vulnerability research and responsible disclosure: Advice from an industry veteran
“Everything changes once you have to supervise and mentor and schedule and coordinate and keep in mind all the things others don’t. You often have to hold back your own …
Exploring the dynamics of the attacker economy
Global software companies are increasingly turning to attackers for help identifying security vulnerabilities in their offerings – and they’re not the only ones. Conservative …
Microsoft offers bug bounties for holes in its identity services
Microsoft is asking security researchers to look for and report technical vulnerabilities affecting its identity services and OpenID standards implementations, and is offering …
George Gerchow, CSO at Sumo Logic: Our DevSecOps strategy
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, their purpose-built, cloud-native service analyzes more than 100 …
